openstack
/
tripleo-heat-templates
Code Issues Proposed changes
Browse Source

Move MySQL settings out of puppet/controller.yaml 

This moves the config settings out of controller.yaml for MySQL
and into puppet/services/database/mysql.yaml.

The top leve MysqlRootPassword is still maintained by default
in overcloud.yaml so that users who upgrade won't get
broken. New users may optionally specify the MysqlRootPassword
as a parameter instead which will take priority over the top
level generated parameter.

We drop the top level MysqlClusterUniquePart because it is no
longer used (I think it was a remnant from t-i-e).

Related-Bug: #1604414

Change-Id: I06ebac0f4c87dabfccefb2e550a64650868c5b26
changes/05/356505/10
Dan Prince 6 years ago
parent
a95e4c2afe
commit
58bf3932a8
5 changed files with 43 additions and 73 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      default_passwords.yaml
  2. 9
      overcloud.yaml
  3. 60
      puppet/controller.yaml
  4. 34
      puppet/services/database/mysql.yaml
  5. 10
      puppet/services/pacemaker/database/mysql.yaml

3
default_passwords.yaml
Unescape View File

@ -5,8 +5,6 @@ description: Passwords we manage at the top level
parameters:
DefaultMysqlRootPassword:
type: string
DefaultMysqlClusterPassword:
type: string
DefaultRabbitCookie:
type: string
DefaultHeatAuthEncryptionKey:
@ -21,7 +19,6 @@ outputs:
description: Password data
value:
mysql_root_password: {get_param: DefaultMysqlRootPassword}
mysql_cluster_password: {get_param: DefaultMysqlClusterPassword}
rabbit_cookie: {get_param: DefaultRabbitCookie}
heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey}
pcsd_password: {get_param: DefaultPcsdPassword}

9
overcloud.yaml
Unescape View File

@ -399,15 +399,12 @@ resources:
controllerExtraConfig: {get_param: controllerExtraConfig}
HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
HorizonSecret: {get_resource: HorizonSecret}
MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
PcsdPassword: {get_resource: PcsdPassword}
RabbitCookie: {get_attr: [RabbitCookie, value]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]}
Hostname:
str_replace:
template: {get_param: ControllerHostnameFormat}
@ -612,11 +609,6 @@ resources:
properties:
length: 10
MysqlClusterUniquePart:
type: OS::Heat::RandomString
properties:
length: 10
RabbitCookie:
type: OS::Heat::RandomString
properties:
@ -627,7 +619,6 @@ resources:
type: OS::TripleO::DefaultPasswords
properties:
DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
DefaultMysqlClusterPassword: {get_attr: [MysqlClusterUniquePart, value]}
DefaultRabbitCookie: {get_attr: [RabbitCookie, value]}
DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]}
DefaultPcsdPassword: {get_attr: [PcsdPassword, value]}

60
puppet/controller.yaml
Unescape View File

@ -4,10 +4,6 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
AodhPassword:
description: The password for the aodh services.
type: string
@ -47,10 +43,6 @@ parameters:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
EnableGalera:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
@ -149,31 +141,6 @@ parameters:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
MysqlClusterUniquePart:
description: A unique identifier of the MySQL cluster the controller is in.
type: string
default: 'unset' # Has to be here because of the ignored empty value bug
# Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
# constraints:
# - length: {min: 4, max: 10}
MysqlInnodbBufferPoolSize:
description: >
Specifies the size of the buffer pool in megabytes. Setting to
zero should be interpreted as "no value" and will defer to the
lower level default.
type: number
default: 0
MysqlMaxConnections:
description: Configures MySQL max_connections config setting
type: number
default: 4096
MysqlClustercheckPassword:
type: string
hidden: true
MysqlRootPassword:
type: string
hidden: true
default: '' # Has to be here because of the ignored empty value bug
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
@ -251,9 +218,6 @@ parameters:
type: string
description: Nova Compute upgrade level
default: ''
MysqlVirtualIP:
type: string
default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@ -485,25 +449,14 @@ resources:
haproxy_stats_user: {get_param: HAProxyStatsUser}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret}
admin_password: {get_param: AdminPassword}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql_root_password: {get_param: MysqlRootPassword}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
mysql_cluster_name:
str_replace:
template: tripleo-CLUSTER
params:
CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
@ -569,8 +522,6 @@ resources:
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
mysql_virtual_ip: {get_param: MysqlVirtualIP}
ceph_cluster_network:
get_attr:
- NetIpMap
@ -680,17 +631,6 @@ resources:
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
# MySQL
admin_password: {get_input: admin_password}
enable_galera: {get_input: enable_galera}
mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
mysql_max_connections: {get_input: mysql_max_connections}
mysql::server::root_password: {get_input: mysql_root_password}
mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
mysql_cluster_name: {get_input: mysql_cluster_name}
mysql_bind_host: {get_input: mysql_network}
mysql_virtual_ip: {get_input: mysql_virtual_ip}
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}

34
puppet/services/database/mysql.yaml
Unescape View File

@ -1,4 +1,4 @@
heat_template_version: 2016-04-08
heat_template_version: 2016-10-14
description: >
MySQL service deployment using puppet
@ -19,6 +19,21 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
MysqlMaxConnections:
description: Configures MySQL max_connections config setting
type: number
default: 4096
MysqlRootPassword:
type: string
hidden: true
default: ''
MysqlClustercheckPassword:
type: string
hidden: true
EnableGalera:
default: true
description: Whether to use Galera instead of regular MariaDB.
type: boolean
outputs:
role_data:
@ -42,5 +57,22 @@ outputs:
- 4567
- 4568
- 9200
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql::server::root_password:
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql

10
puppet/services/pacemaker/database/mysql.yaml
Unescape View File

@ -20,11 +20,21 @@ parameters:
via parameter_defaults in the resource registry.
type: json
resources:
MysqlBase:
type: ../../database/mysql.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Service MySQL with Pacemaker using composable services.
value:
service_name: mysql
config_settings:
get_attr: [MysqlBase, role_data, config_settings]
step_config: |
include ::tripleo::profile::pacemaker::database::mysql

Write Preview
Loading…
Cancel
Save